2017-08-24 18:46:01 -04:00
|
|
|
package trust
|
|
|
|
|
|
|
|
import (
|
2024-02-21 10:36:17 -05:00
|
|
|
"context"
|
2022-02-25 08:33:57 -05:00
|
|
|
"io"
|
2017-08-24 18:46:01 -04:00
|
|
|
"testing"
|
|
|
|
|
2024-02-21 10:36:17 -05:00
|
|
|
"github.com/docker/cli/cli/command"
|
2018-08-09 15:58:54 -04:00
|
|
|
"github.com/docker/cli/cli/trust"
|
2017-08-24 18:46:01 -04:00
|
|
|
"github.com/docker/cli/internal/test"
|
2018-03-08 08:35:17 -05:00
|
|
|
"github.com/docker/cli/internal/test/notary"
|
2017-10-30 12:21:41 -04:00
|
|
|
"github.com/theupdateframework/notary/client"
|
|
|
|
"github.com/theupdateframework/notary/passphrase"
|
|
|
|
"github.com/theupdateframework/notary/trustpinning"
|
2020-02-22 12:12:14 -05:00
|
|
|
"gotest.tools/v3/assert"
|
|
|
|
is "gotest.tools/v3/assert/cmp"
|
2024-02-21 10:36:17 -05:00
|
|
|
"gotest.tools/v3/golden"
|
2017-08-24 18:46:01 -04:00
|
|
|
)
|
|
|
|
|
2017-08-25 17:49:40 -04:00
|
|
|
func TestTrustRevokeCommandErrors(t *testing.T) {
|
2017-08-24 18:46:01 -04:00
|
|
|
testCases := []struct {
|
|
|
|
name string
|
|
|
|
args []string
|
|
|
|
expectedError string
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "not-enough-args",
|
|
|
|
expectedError: "requires exactly 1 argument",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "too-many-args",
|
|
|
|
args: []string{"remote1", "remote2"},
|
|
|
|
expectedError: "requires exactly 1 argument",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "sha-reference",
|
|
|
|
args: []string{"870d292919d01a0af7e7f056271dc78792c05f55f49b9b9012b6d89725bd9abd"},
|
|
|
|
expectedError: "invalid repository name",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "invalid-img-reference",
|
|
|
|
args: []string{"ALPINE"},
|
|
|
|
expectedError: "invalid reference format",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "digest-reference",
|
|
|
|
args: []string{"ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2"},
|
|
|
|
expectedError: "cannot use a digest reference for IMAGE:TAG",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
|
|
cmd := newRevokeCommand(
|
|
|
|
test.NewFakeCli(&fakeClient{}))
|
|
|
|
cmd.SetArgs(tc.args)
|
2022-02-25 08:33:57 -05:00
|
|
|
cmd.SetOut(io.Discard)
|
2018-03-06 14:03:47 -05:00
|
|
|
assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
|
2017-08-24 18:46:01 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-08-09 15:58:54 -04:00
|
|
|
func TestTrustRevokeCommand(t *testing.T) {
|
|
|
|
testCases := []struct {
|
|
|
|
doc string
|
|
|
|
notaryRepository func(trust.ImageRefAndAuth, []string) (client.Repository, error)
|
|
|
|
args []string
|
|
|
|
expectedErr string
|
|
|
|
expectedMessage string
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
doc: "OfflineErrors_Confirm",
|
|
|
|
notaryRepository: notary.GetOfflineNotaryRepository,
|
|
|
|
args: []string{"reg-name.io/image"},
|
|
|
|
expectedMessage: "Please confirm you would like to delete all signature data for reg-name.io/image? [y/N] \nAborting action.",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
doc: "OfflineErrors_Offline",
|
|
|
|
notaryRepository: notary.GetOfflineNotaryRepository,
|
|
|
|
args: []string{"reg-name.io/image", "-y"},
|
|
|
|
expectedErr: "could not remove signature for reg-name.io/image: client is offline",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
doc: "OfflineErrors_WithTag_Offline",
|
|
|
|
notaryRepository: notary.GetOfflineNotaryRepository,
|
|
|
|
args: []string{"reg-name.io/image:tag"},
|
|
|
|
expectedErr: "could not remove signature for reg-name.io/image:tag: client is offline",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
doc: "UninitializedErrors_Confirm",
|
|
|
|
notaryRepository: notary.GetUninitializedNotaryRepository,
|
|
|
|
args: []string{"reg-name.io/image"},
|
|
|
|
expectedMessage: "Please confirm you would like to delete all signature data for reg-name.io/image? [y/N] \nAborting action.",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
doc: "UninitializedErrors_NoTrustData",
|
|
|
|
notaryRepository: notary.GetUninitializedNotaryRepository,
|
|
|
|
args: []string{"reg-name.io/image", "-y"},
|
|
|
|
expectedErr: "could not remove signature for reg-name.io/image: does not have trust data for",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
doc: "UninitializedErrors_WithTag_NoTrustData",
|
|
|
|
notaryRepository: notary.GetUninitializedNotaryRepository,
|
|
|
|
args: []string{"reg-name.io/image:tag"},
|
|
|
|
expectedErr: "could not remove signature for reg-name.io/image:tag: does not have trust data for",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
doc: "EmptyNotaryRepo_Confirm",
|
|
|
|
notaryRepository: notary.GetEmptyTargetsNotaryRepository,
|
|
|
|
args: []string{"reg-name.io/image"},
|
|
|
|
expectedMessage: "Please confirm you would like to delete all signature data for reg-name.io/image? [y/N] \nAborting action.",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
doc: "EmptyNotaryRepo_NoSignedTags",
|
|
|
|
notaryRepository: notary.GetEmptyTargetsNotaryRepository,
|
|
|
|
args: []string{"reg-name.io/image", "-y"},
|
|
|
|
expectedErr: "could not remove signature for reg-name.io/image: no signed tags to remove",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
doc: "EmptyNotaryRepo_NoValidTrustData",
|
|
|
|
notaryRepository: notary.GetEmptyTargetsNotaryRepository,
|
|
|
|
args: []string{"reg-name.io/image:tag"},
|
|
|
|
expectedErr: "could not remove signature for reg-name.io/image:tag: No valid trust data for tag",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
doc: "AllSigConfirmation",
|
|
|
|
notaryRepository: notary.GetEmptyTargetsNotaryRepository,
|
|
|
|
args: []string{"alpine"},
|
|
|
|
expectedMessage: "Please confirm you would like to delete all signature data for alpine? [y/N] \nAborting action.",
|
|
|
|
},
|
|
|
|
}
|
2017-09-13 12:50:37 -04:00
|
|
|
|
2018-08-09 15:58:54 -04:00
|
|
|
for _, tc := range testCases {
|
|
|
|
t.Run(tc.doc, func(t *testing.T) {
|
|
|
|
cli := test.NewFakeCli(&fakeClient{})
|
|
|
|
cli.SetNotaryClient(tc.notaryRepository)
|
|
|
|
cmd := newRevokeCommand(cli)
|
|
|
|
cmd.SetArgs(tc.args)
|
2022-02-25 08:33:57 -05:00
|
|
|
cmd.SetOut(io.Discard)
|
2018-08-09 15:58:54 -04:00
|
|
|
if tc.expectedErr != "" {
|
|
|
|
assert.ErrorContains(t, cmd.Execute(), tc.expectedErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
assert.NilError(t, cmd.Execute())
|
|
|
|
assert.Check(t, is.Contains(cli.OutBuffer().String(), tc.expectedMessage))
|
|
|
|
})
|
|
|
|
}
|
2017-08-24 18:46:01 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestGetSignableRolesForTargetAndRemoveError(t *testing.T) {
|
2022-02-25 08:33:57 -05:00
|
|
|
notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever("password"), trustpinning.TrustPinConfig{})
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.NilError(t, err)
|
2017-08-24 18:46:01 -04:00
|
|
|
target := client.Target{}
|
|
|
|
err = getSignableRolesForTargetAndRemove(target, notaryRepo)
|
2018-03-06 15:54:24 -05:00
|
|
|
assert.Error(t, err, "client is offline")
|
2017-08-24 18:46:01 -04:00
|
|
|
}
|
2024-02-21 10:36:17 -05:00
|
|
|
|
|
|
|
func TestRevokeTrustPromptTermination(t *testing.T) {
|
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
|
|
t.Cleanup(cancel)
|
|
|
|
|
|
|
|
cli := test.NewFakeCli(&fakeClient{})
|
|
|
|
cmd := newRevokeCommand(cli)
|
|
|
|
cmd.SetArgs([]string{"example/trust-demo"})
|
|
|
|
test.TerminatePrompt(ctx, t, cmd, cli, func(t *testing.T, err error) {
|
|
|
|
t.Helper()
|
|
|
|
assert.ErrorIs(t, err, command.ErrPromptTerminated)
|
|
|
|
})
|
|
|
|
assert.Equal(t, cli.ErrBuffer().String(), "")
|
|
|
|
golden.Assert(t, cli.OutBuffer().String(), "trust-revoke-prompt-termination.golden")
|
|
|
|
}
|